security/hakurei
6
3
Fork 1
Code Issues 11 Pull Requests 1 Actions 1 Packages Projects Releases 13 Wiki Activity

13 Releases 13 Tags

RSS Feed
  • v0.2.0 07194c74cb
    Compare

    v0.2.0
    All checks were successful
    Release / Create release (push) Successful in 39s
    Details
    Test / Sandbox (push) Successful in 41s
    Details
    Test / Hakurei (push) Successful in 1m9s
    Details
    Test / Create distribution (push) Successful in 24s
    Details
    Test / Hpkg (push) Successful in 1m10s
    Details
    Test / Sandbox (race detector) (push) Successful in 4m5s
    Details
    Test / Hakurei (race detector) (push) Successful in 5m12s
    Details
    Test / Flake checks (push) Successful in 1m31s
    Details
    Stable

    cat released this 2025-08-26 02:23:59 +09:00 | 696 commits to master since this release

    API Changes

    • Remove cover field from hst/container.
    • Remove symlink field from hst/container.
    • Field data has been renamed to home.
    • field dir has been removed since it is made redundant by filesystem.
    • All pathname fields now take the *container.Absolute type. Does not break json.
    • The filesystem field now accepts many types of supported filesystems.
    • Container root behaviour is now configured through the filesystem field.
    • Autoetc behaviour is now accessible through a special bind type filesystem.
    • Autoroot behaviour is now accessible through a special bind type filesystem.
    • The enablement flags are now represented in json as boolean fields.
    • Net and Abstract fields have been renamed. Does not break json.
    • Autoroot prefix has been removed.
    • Share path now uses hsu userid.

    Fixes

    • Unexport internal container state.
    • Package container no longer attempts to look up executable file from name.
    • Set up acl on X server socket.
    • Check container setup op equivalence by value.
    • Validate container setup ops early.

    Enhancements

    • Export mount string constants.
    • Export FHS pathname constants
    • Mount mqueue as part of /dev.
    • Mount container /dev read only.
    • High-level API for overlay mounts in container.
    • The hakurei show command now exposes more information.
    • Optionally isolate host abstract UNIX domain sockets via landlock.
    • Ptrace protection via Yama LSM.

    Internal

    • Move tmpfs pathname prefixing to caller.
    • Expose interactive testing vm for tracing.
    • Reduce noise in non-verbose tests and test failures.
    • CAP_DAC_OVERRIDE is now raised for container/init.
    • Container setup ops are now able to share global state.
    • Enforce nonrepeatable autoetc and autoroot.
    • Container now spawns on a locked thread tied to its lifecycle.
    • Full test coverage has been achieved in container setup code.
    • NixOS module config validation is now implemented via hakurei show.
    • Output of initial hakurei run in vm tests is no longer discarded.

    Full Changelog: v0.1.3...v0.2.0

    Downloads